I have to restrict public access to my Azure app service, Hence I have implemented IP whitelist in web config. Is it required to whitelist the Azure datacenter IP ranges? My app service uses Azure SQL, redis and search service.

1. Short answer to your question is no, you will not need to add Azure data center IP addresses for using Azure services. Only case where you need to add IP addresses to the allow list is when a service/application tries to access your web application and not the other way round.

2. Given your objective to restrict public access, you should definitely consider using the IP restrictions feature from Azure Portal. Microsoft has improved this feature and it's better than having just the web.config <ipsecurity> configuration,

   • With Azure App Service IP restrictions, traffic will blocked even before it reaches your IIS.
   • You can still continue to use your web.config configuration as it is.
   • Configuration effort is pretty minimal as it's all available through portal

Read more about it here Azure App Service Static IP Restrictions

For a time, the IP Restrictions capability in the portal was a layer on top of the ipSecurity capability in IIS. The current IP Restrictions capability is different. You can still configure ipSecurity within your application web.config but the front-end based IP Restrictions rules will be applied before any traffic reaches IIS.